At this time an authentication session at the Auth0 service (one that can be leveraged by
checkSession) will last until the maximum lifetime is reached (configured through SSO Cookie Timeout setting in the advanced tenant settings) or the maximum inactivity time out is reached (currently set to three days and non-configurable).
In addition, and as you experienced the Token Expiration For Browser Flows (Seconds) has a hard limit of 86400 (24 hours); the maximum allowed can be less depending on how Token Expiration (Seconds) is set, but it can never be greater than 86400.
Taking in consideration the limit in the token expiration and the non-configurable inactivity timeout on the session it’s currently not possible to guarantee the requirement that a SPA is able to maintain an active local session through a complete week without asking the user to login again. It may be possible if the user is active every other day, but this is not guaranteed. I know there’s planned work on giving more control over the authentication session at the Auth0 service which could make the current inactivity timeout irrelevant and then allow the use of
checkSession to meet that requirement, but at this time I don’t believe that is possible.